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DETAILED ACTION 



1. 



Claims 1-77 are pending. 



Claim Objections 



2. 



Claim 51 is objected to. The claim exceeds one sentence. 



Drawings 



3. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(5) because they 
do not include the following reference sign(s) mentioned in the description, or they are not 
shown in the drawing. 

FIG. 1, #108 is not mentioned in the Specification. 
FIG. 2, #220 is not mentioned in the Specification. 
FIG. 4, #25 & #50 are not shown in the drawing. 

4. Corrected drawing sheets in compliance with 37 CFR 1 .121(d) are required in reply to 
the Office action to avoid abandonment of the application. Any , amended replacement drawing 
sheet should include all of the figures appearing on the immediate prior version of the sheet, 
even if only one figure is being amended. Each drawing sheet submitted after the filing date of 
an application must be labeled in the top margin as either "Replacement Sheet" or "New Sheet" 
pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will 
be notified and informed of any required corrective action in the next Office action. The 
objection to the drawings will not be held in abeyance. 
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Claim Rejections - 35 USC § 101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 29-56,and 68-72 are rejected under 35 U.S.C. 101 because the claimed invention 
is directed to non-statutory subject matter. The Specification (page 3, line 17) includes a 'carrier 
wave 5 in the definition of computer program product. This is a non statutory embodiment. 
Claims may be limited to a statutory embodiment by reciting "a computer program storage 
medium readable by a computer system. . ." 

Claim Rejections - 35 USC § 112 

6. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and 
distinctly claiming the subject matter which the applicant regards as his invention. 

7. Claim 51 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. Claim 51 fails to clearly claim subject matter. 

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b),.by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
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patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

9. Claims 1-4, 27-32, and 55-58 are rejected under 35 U.S.C. 102(e) as being anticipated by 
US Patent 7,051,322 B2 to Rioux. 

Per claims 1,29, and 57: 
A method comprising: 

-receiving into an execution environment input component code and a runtime security policy; 
-generating a call graph of call paths through the input component code simulated in 
combination with at least one symbolic component representing additional arbitrary code that 
complies with the runtime security policy. 

Rioux: Col 12: 17, 22-30, symbolic representations, Variablizer comprises a variablizer unit 
322, argument detection block. . .includes resource reconciliation and mapping as well as 
symbol interpretation and insertion, col. 13: 7-44, data flow graph, is passed to control flow 
transformer. . .results in a set of data and control flow graphs and associated parameters. Both 
the control flow and data flow of the original executable code (input component code) are 
completely modeled... including functions (calls), col. 13: 57-63, GUI 410, analysis generation 
configuration (additional arbitrary code), creating models for software vulnerability and / or 
quality assessment and related analysis and results reporting. 
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Per claims 2, 30, and 58: 

-a possible execution path through the input component code that is compliant with the runtime 
security policy is represented by an individual call path. 

Rioux: Col. 2:32-40, all paths are identified. Col 2:41-44, analysis platform to determine if 
security vulnerabilities or general quality issues exist in control flow, control logic, or data 
organization of the modeled code. 

Per claims 3 and 31: 

-at least one node in the call graph includes a symbolic permission set and a known method 
implementation. 

Rioux: Col. 10: 65-67, Suites of software vulnerability and other analysis tools, including 
scripts and automated processes can thus be developed to operate on the IR only. Col. 1 1 : 3-9, 
Intermediate representations of modeled executable code can thus be scanned or analyzed for 
flows or conditions, especially including security holes, buffer structure flaws exploitable via 
'buffer overflow' attack, and other known and unknown risk factors. Col. 13: 19, completely 
modeled, including functions (known method implementation). 

Per claims 4 and 32: 

-at least one node in the call graph includes a symbolic permission set and a token representing 
an unknown method implementation. 
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Rioux: Col. 11: 3-9, Intermediate representations of modeled executable code can thus be 
scanned or analyzed for flows or conditions, especially including security holes, buffer structure 
flaws exploitable via 'buffer overflow' attack, and other known and unknown risk factors. 

Per claims 27 and 55: 

-analyzing the call graph and another call graph obtained for a different version of input 
component code to generate a security report that identifies a security vulnerability in the 
different version of the input component code. 

Rioux: Col. 2, line 42, Col. 1 1 : 1 1-20 & 39, disclosed versions & reports. 
Per claims 28 and 56: 

-analyzing the call graph and another call graph obtained for a different version of input 
component code to identify a call path that presents a security vulnerability in the different 
version of the input component code. 

Rioux: Col. 11: 1 1-20, disclosed testing versions. 



Claim Rejections - 35 USC § 103 
10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

1 1 . Claims 5-26, 33-54, and 59-77 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over US Patent 7,051,322 B2 to Rioux, in view of US Patent Application 2005/0010806 Al to 
Berg et al. 

Per claims 5 and 33: 

Rioux failed to explicitly disclose: 

-the generating operation comprises: 

-initializing a symbolic value that represents data values that may be obtained by the arbitrary 
code at runtime. 

However, Berg disclosed [007 l]a 'data origin lattice 34' indicating the origin of the data, 
specifying that the data is internally generated relative to the analyzed routing. A symbolic 
value from the lattice, representing data values within an acceptable range is used to test (by the 
arbitrary code at runtime) the model. 
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Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 6 and 34: 

Rioux failed to explicitly disclose: 

-the generating operation comprises: updating a symbolic value that represents data values that 
may be obtained by the arbitrary code at runtime based on detection of an additional data value 
that may be passed as a parameter to the arbitrary code at runtime. 
However, Berg disclosed [0078], a variable passed into routines as an argument. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 7 and 35: 

Rioux failed to explicitly disclose: 
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-the generating operation comprises: updating a symbolic value that represents data values that 
may be obtained by the arbitrary code at runtime based on detection of a new dataflow to the 
arbitrary code. 

However, Berg disclosed [0071], data origin lattice, data is internally generated or externally 
generated. [0109], expression lattice, merge results of the prior value and the expression lattice 
for the expression being assigned (update symbolic value). 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 8 and 36: 

Rioux failed to explicitly disclose: 

-the generating operation comprises: 

generating a class hierarchy that contains classes of the input component code and symbolic 
classes that represent classes of arbitrary code. 

However, Berg disclosed [0289] ANSI C language, known language using classes, such as 
"string class', 'array class', etc. 
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Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 9 and 37: 

Rioux failed to explicitly disclose: 

-the generating operation comprises: 

-identifying one or more methods of the input code component that can be called by the 
arbitrary code. 

However, Berg disclosed [0273], as an example a call to access() a file name (input code 
component), and testing (called by the arbitrary code) the return value from access(). 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 
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Per claims 10 and 38: 

Rioux failed to explicitly disclose: 

-the generating operation comprises: 

-identifying one or more methods of the input component code that can be called by the 
arbitrary code; 

-identifying one or more other methods of the input component code that can be called by the 
identified one or more methods of the input component code. 

However, Berg disclosed [0264], race condition means a pair of routine calls (one or more 
methods / one or more other methods) that happen sequentially in a program and which, if not 
performed atomically, could become a vulnerability. See example code at [0266-0272]. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 11 and 39: 

Rioux failed to explicitly disclose: 

4he generating operation comprises: 

-identifying one or more methods of the input component code that can be called 
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by the arbitrary code; 

-identifying at least one method of the arbitrary code that can be called by a virtual call of the 
identified one or more methods of the input component code. 

However, Berg disclosed [0274], (the calling method is virtual when the derived class's function 
is called) [0278], arguments to a routine may be algorithmically analyzed in view of some 
known behavior about the routine to detect problematic calls. Also see [0027-0028]. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 12 and 40: 

Rioux failed to explicitly disclose: 

-wherein any method reachable by execution in accordance with the runtime security policy is 
represented by one of more nodes in the call graph. 

However, Berg disclosed [0025], creating an intermediate representation (IR) model. Models 
are used in conjunction with a vulnerability database in a vulnerability assessment to determine 
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whether a vulnerability exists. [0027], models the arguments used to call select procedures, 
functions or routines. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 13 and 41: 

Rioux failed to explicitly disclose: 

-wherein the generating operation comprises: 

-generating at least one constraint associated with one or more instructions in the input 
component code. 

However, Berg disclosed, [0040] a memory size lattice, indicating the possible range of sizes 
(associated constraint) of a block of memory. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
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(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 



Per claims 14 and 42: 

Rioux failed to explicitly disclose: 

-the generating operation comprises: 

-generating at least one constraint associated with a parameter of a method call in the input 
component code. 

However, Berg disclosed [0049], The size of the block of memory pointed to by the variable in 
c, in the case could be either 100 bytes or 200 bytes (generate constraint), depending on whether 
the array a or the array b is selected, which in turn depends on whether another variable is i or 0 
(parameter of method call). (See code block at [0048]. ) 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 15 and 43: 

Rioux failed to explicitly disclose: 
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-the generating operation comprises: 

-generating at least one constraint associated with a returned result of a method call in the input 
component code. 

However, Berg disclosed [0078-0079] a variable analyzed to be an array or structure, 
determined to be visible to other routines or passed into other routines as an argument (as a 
returned result), and setting the vulnerability lattice to appropriate values. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 16, 44, and 59: 
Rioux failed to explicitly disclose: 

-analyzing the call graph to identify a call path that presents a security vulnerability in the input 
component code. 

However Berg disclosed [0027-0028], The analysis applies rules to determine inherent 
vulnerability or risk for certain types of errors. 
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Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 17 and 45: 

Rioux failed to explicitly disclose: 

-analyzing the call graph to identify a call path that presents a security vulnerability in the input 
component code and a call path that presents no security vulnerability in the input component 
code. 

However, Berg disclosed, [0008], [0028], determines whether a given routine call. . .poses an 
inherent vulnerability. [0221], select routine calls (determines security vulnerability or no 
security vulnerability). 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 
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Per claims 18 and 46: 

Rioux failed to explicitly disclose: 

-analyzing the call graph to generate a security report that identifies a security vulnerability in 
the input component code. 

However, Berg disclosed, [0225], reports. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 19 and 47: 

Rioux failed to explicitly disclose: 

-analyzing the call graph to identify a call path that satisfies a query. 

However, as an example, Berg disclosed [0279] the vulnerability of system privileges, an 
outside party querying to gain privileged access to the system. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg> because Berg [0005] recognized the 
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difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 20, 48, and 59: 
Rioux failed to explicitly disclose: 

-analyzing the call graph to identify a security- vulnerable usage of a permission demand. 
However, Berg disclosed, as an example, an outside party attempting to gain privileged access 
to the system [0279-0288]. The system analyzes in view of some known behavior about the 
routine. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 21, 49, and 60: 
Rioux failed to explicitly disclose: 

-analyzing the call graph to identify a security- vulnerable usage of a permission assertion. 
However, Berg disclosed, as an example,[0281], analyzing the calls to identify vulnerable usage 
of permission assertions. 
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Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 22, 50, and 61: 
Rioux failed to explicitly disclose: 

-analyzing the call graph to identify a lack of uniform usage of security checks. 
However, Berg disclosed [0282], resource's ACL (access control list) should never be set to 
null (identify a lack of uniform usage) because the resource would then be accessible or 
modifiable by an unauthorized user. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 23, 51, and 62: 

Rioux failed to explicitly disclose: 
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-analyzing the call graph to identify an equivalence between use of a permission link-demand 
and a permission demand. 

However, Berg disclosed [0285-0286], in the case of SetSecurityDespriptorDacl, an 
examination of the arguments to the call and knowledge about potential vulnerability, would 
flag a privileged access call. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need - 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 24 and 52: 

Rioux failed to explicitly disclose: 

-the generating operation comprises: 

-generating a class hierarchy that contains classes of the input component code and symbolic 
classes that represent classes of the arbitrary code; 

-generating at least one constraint associated with a virtual call in the input component 
code; 

-evaluating the at least one constraint by a symbolic computation on potential target classes for 
the virtual call in the generated class hierarchy. 
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However, Berg disclosed [0046] c / C++ language, known to use class formats. [0283], parser 
creates an IR, provides a symbol table, includes control flow statements. Also see rejection of 
claims 11, 13, and 14 above, as related to virtual calls and constraints. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 25 and 53: 

Rioux failed to explicitly disclose: 

-the generating operation comprises: 

-generating at least one constraint associated with either a security demand or a security assert 
in the input component code; 

-evaluating the at least one constraint by a symbolic computation on dynamic permissions of the 
input component code and on a parameter permission of the security demand or the security 
assert; 

-conditionally generating at least one additional constraint associated with one or more 
instructions located in the input component code after the security demand or assert, responsive 
to the evaluating operation. 
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However, Berg disclosed [0222], a vulnerability database of pre-identified routines and the 
conditions that can cause a vulnerability. Accordingly lattices (constraints) are formed to test 
the code. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 26 and 54: 

Rioux failed to explicitly disclose: 

-analyzing the call graph to classify, based on permissions, pieces of code performing sensitive 
actions in the input component code. 

However, Berg disclosed [0028-0029] analyzing the call graph (IL) to classify pieces of code 
performing sensitive actions. As an example [0279] discloses 'based on permissions.' 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
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(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 63, 68, and 73 : 

Rioux failed to explicitly disclose: 

A method comprising: 

analyzing relative to at least one query a call graph of call paths through input component code 
simulated in combination with at least one symbolic component representing additional arbitrary 
code that complies with a runtime security policy; 

-identifying a subset of the call paths in the call graph that satisfy the query. 

However, Berg disclosed [0276-0277] branches / arbitrary control flow (subset of call paths / 
additional arbitrary code). Also, see rejections addressed in claims 1 and 19 above. 

Therefore, it would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to modify Rioux, using the teachings of Berg, because Berg [0005] recognized the 
difficulty in detecting vulnerabilities in the programs. Likewise, Rioux recognized the need 
(col. 2: 9) for complete security vulnerability analyses and forensic study of failed, 
malfunctioning, or suspect code. 

Per claims 64, 69, and 74: 

See rejections of limitations as addressed in claim 59, noted above. - 
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Per claims 65, 70, and 75: 

See rejections of limitations as addressed in claim 60, noted above. 
Per claims 66, 71, and 76: 

See rejections of limitations as addressed in claim 61, noted above. 
Per claims 67, 72, and 77: 

See rejections of limitations as addressed in claim 62, noted above. 

Conclusion 

12. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Mary Steelman, whose telephone number is (571) 272-3704. The 
examiner can normally be reached Monday through Thursday, from 7:00 AM to 5:30 PM If 
attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Wei 
Zhen can be reached at (571) 272-3708. The fax phone number for the organization where this 
application or proceeding is assigned: 571-273-8300. 

Any inquiry of a general nature or relating to the status of this application should be 
directed to the TC 2100 Group receptionist: 571-272-2100. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Mary Steelman 
02/06/2007 




